Developer Switches Business OpenClaw to RunLobster After Security Incident, Keeps Personal Instance Self-Hosted

Security Incident Drives Business Workload Migration

A developer shared their experience of running multiple self-hosted services including OpenClaw on a Hetzner box for 4 months using Docker and systemd. The setup included Nextcloud, Immich, Home Assistant, Plex, Vaultwarden, Paperless-ngx, and Uptime Kuma alongside OpenClaw.

Following the February CVE, they discovered their OpenClaw instance had been exposed on 0.0.0.0 and connected to their CRM with client data for 3 months. This security incident prompted them to move their business agent to RunLobster while keeping their personal OpenClaw instance self-hosted on a Mac Mini.

Different Failure Consequences Drive Hosting Decisions

The developer explained their reasoning: "When my Immich goes down at 2am I fix it on Saturday morning. When a business agent goes down at 2am my CRM does not get updated, reports do not fire, and I wake up to chaos. The consequences are just different."

They pay $49/month for RunLobster to handle uptime and security patching for the business workload where they cannot afford downtime. Personal services remain self-hosted because they enjoy managing them and the stakes are lower.

The developer concluded: "This might be heresy in this sub. But I think the right answer is not self-host everything or manage everything. It is knowing which workloads have which failure consequences and choosing accordingly."